VALUE IN E-MRTD SECURITY MECHANISMS TRAVELER CONVENIENCE WITHOUT COMPROMISE 10/8/2014 1
Transcription
VALUE IN E-MRTD SECURITY MECHANISMS TRAVELER CONVENIENCE WITHOUT COMPROMISE 10/8/2014 1
10/8/2014 VALUE IN E-MRTD SECURITY MECHANISMS 1 TRAVELER CONVENIENCE WITHOUT COMPROMISE IN CITIZEN TRAVEL & MIGRATION • • • >50% (~110) Issuing eMRTD ~31 Issuing EAC Very few validating chip contents 2 1 10/8/2014 EVOLUTION IN E-MRTD SECURITY FEATURES 1980: ICAO 9303 Standardized Independent Data Structures 1998: 1st eMRTD 2000: ICAO defines LDS Chip Authenticity 2009: Jun 28th - EU Deadline for EAC issuance LDS2 EAC PACE 2015: Nov 24th – ICAO Deadline for MRP AA BAC PA LDS1 MRP X509 PKI CSCA & DS Evolution of Chip Access Binding of Identity ISO 7816 PKI CVCA & DVCA 3 LOGICAL DATA STRUCTURE (LDS 1) • Standardized by ICAO 9303 • Includes DG1 & DG2 At a minimum • Includes Header & Data Group • Presence Map stored in EF.com • Not security per-se, but standardization supports interoperability • Write protection & integrity proofs mandatory — stored in EF.SOD • Value — interoperability 4 2 10/8/2014 AUTHENTICATION OF DATA — PASSIVE AUTHENTICATION • Threat: Document forgery • Mechanism: Validation of data, signature & document signer certificate • Compliance: ICAO recommended • Provides: Proof of data integrity & authenticity of document signer SOD • HashLDS Value: Strong assurance of authenticity. Integrity of document data contents # KPuDS HashLDS = KPuCSCA HashLDS 5 CHIP ACCESS — BASIC ACCESS CONTROL (BAC) • Threat: Data being copied (skimmed) or intercepted during communication (eavesdropping) • Mechanism: Authentication based on concatenation of Document Number, Date of Birth and Date of Expiry (including check digits) — hash of this MRZ data used as seed key to derive session keys; Basic Access Control based purely on symmetric cryptography • Compliance: ICAO optional, but recommended • Provides: Confidentiality of data transitioning the chip-to-reader OTA channel • Value: Allows document holders to control privacy MRZ Read Authentication & Seed Key Derivation Secure Session Establishment 6 3 10/8/2014 CHIP AUTHENTICITY - ACTIVE AUTHENTICATION KPrAA • Threat: Chip substitution • Mechanism: Challenge response initiated by employing chip active authentication key pair — public key (proven authentic by PA) validates AA signature • Compliance: ICAO optional (mandatory under EU CP) • Provides: Proof that chip is authentic & associated with the data page • Value: Assurance chip is genuine, not counterfeit DG15 KPuAA 7 CHIP ACCESS -— PASSWORD-BASED CONNECTION ESTABLISHMENT /SAC • Threat: Theoretical weakness in BAC protocol • Mechanism: Password-based (MRZ Derivation or CAN) and asymmetric key exchange to establish secure session between chip and reader • Compliance: ICAO recommended (mandatory under EU CP in 2014) • Provides: Confidentiality of data transitioning the chip-to-reader OTA channel — low entropy entry data via PACE protocol provides stronger session security than BAC • Value: Higher assurance of privacy for holder personal information Password Entry or Derive from MRZ Key Agreement (Diffie-Helman based) Secure Session with PACE 8 4 10/8/2014 EXTENDED ACCESS CONTROL (EAC) • • • • • • Threat: Unauthenticated access to advanced biometrics — identity theft Mechanism: Implementation of fingerprint or iris biometrics with access controlled by ISO7816 Card Verifiable (CV) authentication against random challenge from RFID chip — authentication and granular authorization provided EAC PKI implementing CVCA, DV and IS certificate management Compliance: ICAO optional, defined by State (EU mandatory since 2009) Provides: Originating authority controlled access to countries authorized for biometric access Value: Strongly authenticated access to biometrics — mitigated risk of impersonation Secure Session with PACE Chip Authentication Passive Authentication Active Authentication Terminal Authentication 9 LOGICAL DATA STRUCTURE “TWO” (LDS2) – BASED ON CURRENT DRAFT LDS2 Data Elements Value • Digitizes remaining pages of eMRTD • Enables electronic verification of travel history & visas • May enable stronger verification through additional biometrics Mechanism • Controlled foreign write & read access terminals • Write access — discretion of issuer • Biometric read access — discretion of issuer • Visa/travel records read access — nondiscretionary • Leverages new LDS2 X509 CA subordinate to CSCA for issuance of LDS2 Signing credentials • Leverages ISO7816 EAC architecture for issuer control of foreign read & write privileges to eMRTD LDS2 Data Elements Travel Records (Stamps) LDS2 Authorized Data Reading State Visa Records eMRTD Issuing State or Organization Additional Biometrics LDS2 Authorized Data Signing State 10 5 10/8/2014 STRONGER SECURITY & GREATER UTILITY LDS2 CERT-BASED ACCESS CONTROL EAC STRONGER SESSION SECURITY CHIP AUTHENTICITY PACE AA BAC PA LDS1 Machine Readable DATA INTEGRITY AUTHENTICITY ACCESS CONTROL SESSION SECURITY 11 SERVING GOVERNMENTS GLOBALLY 6 10/8/2014 THANK YOU 13 7